Download ItsGoin

• Lock contention overhaul — All conn_mgr lock holds during network I/O eliminated across 14 handlers. Brief locks for data gathering only; all network operations run lock-free.
• StoragePool — 8 concurrent SQLite connections in WAL mode replace the single Mutex. Reads run fully parallel; writes serialize only at the SQLite level.
• Initial exchange fix — Failed initial exchanges now abort the mesh upgrade instead of silently continuing with a broken connection.
• Connect timeout — connect_to_peer and connect_to_anchor now use a consistent 15s timeout. ResolveAddress adds 5s per-query timeout (was unbounded).
• Worm cascade unlock — WormLookup, ContentSearch, and WormQuery use connection snapshots for lock-free fan-out.
• Bottom nav bar — Mobile/tablet (≤768px) gets a fixed bottom navigation bar with icon tabs. Desktop keeps the top tab bar.
• Text size update — Five options: XS (75%), S (100%), M (125% default), L (150%), XL (200%). Persisted to localStorage for instant restore on startup.

• Welcome screen — Startup shows “How’s it goin?” with staggered counters (connections, posts, messages, reacts, comments) while the backend bootstraps. Replaces the blank-screen wait.
• Status ticker — Header ticker shows new posts, messages, reactions, comments, and connection state changes as they arrive.
• Notification improvements — Tauri plugin → Web Notification API → notify-rust fallback chain. Linux native desktop notifications now work.
• Responsive text scaling — Small/Normal/Large text size (100%/150%/200%), persisted via settings. Default bumped to Normal (150%).
• Diagnostics popover — Network diagnostics moved from inline section to overlay popover. Connections loaded on-demand. Timer countdowns removed.
• Share details lightbox — QR code + connect string in a modal overlay from People tab.
• Connect string improvement — Prefers external address (UPnP/public IPv6/observed) over local bind address.
• Stale N1 fix — Disconnected social routes excluded from N1 share. Prevents dead nodes appearing online to peers.
• Replication handler fix — Actively fetches posts + blobs from requester after accepting replication. Previously relied on pull cycle which doesn’t work for infrastructure nodes.
• Hole punch fix — Target-side registers publicly routable remote address for relay introduction. Fixes address injection for subsequent connections.
• Replication semaphore — Concurrent replication handlers capped at 3 to prevent overload.
• Peer labels — Display names now show truncated node ID for disambiguation.

• Security: Reaction signatures — Reactions now carry ed25519 signatures. Forged reactions from other NodeIds are rejected. Backward-compatible with unsigned reactions from older nodes.
• Security: Comment signature verification — Comment signatures (already present) are now verified on receipt. Forged comments rejected.
• Security: Reaction removal auth — Only the reactor or post author can remove reactions. Previously any peer could strip reactions.
• Security: BlobHeader author verification — Header rebuild verifies author against stored post, not trusted from payload.
• Lock contention: ManifestPush discovery — cm lock released before PostFetch network I/O. Was holding lock during entire discovery (5s+ freeze).
• Lock contention: Pull request handler — Load posts under lock, filter without lock, brief re-lock for is_deleted. Was holding lock during full post list iteration.
• Lock contention: Pull sender — Split into two brief locks (store, then batch upstream+sync). Was holding one long lock for all operations.
• Lock contention: Engagement checker — Batch writes per chunk with single lock. Was acquiring lock per post (100+ times).
• Data cleanup — Post deletion now cleans up post_downstream, post_upstream, and seen_engagement tables.

• Protocol v4: Header-driven sync — Major sync protocol revision. ManifestPush now triggers post discovery from CDN tree headers. Bandwidth reduced ~90% for established nodes.
• Slim PullSyncRequest — Per-author timestamps replace full post ID lists. Request size drops from O(posts) to O(follows). Backward-compatible with v3 peers.
• Tiered pull frequency — Pull cycle checks every 60s but only syncs stale authors (4-hour default). Full pull only on first tick. Most ticks do nothing.
• Tiered engagement checks — Engagement polling frequency scales with content age: 5min (<72h), 1hr (3-14d), 4hr (14-30d), 24hr (>30d). Single SQL query filters due posts.
• Header-driven post discovery — ManifestPush triggers PostFetch for missing followed-author posts (capped at 10 per manifest). CDN tree becomes the notification system.
• Multi-upstream (3 max) — Posts track up to 3 upstream sources with priority ordering. Engagement diffs sent to all upstreams. Fallback on upstream failure.
• Lock contention fixes — 6 hot paths optimized: get_blob_for_post (3→1 locks), prefetch (lock-free blob checks), serve_post (4→2 locks), badge cycle (N+2→1 IPC call).

• Network indicator — Header shows connection status dot (black/red/yellow/green for 0/1/2-10/11+ connections) with capability labels (Public, Server).
• Tab badges — Feed shows new post count, My Posts shows new engagement count, People shows online count, Messages shows unread conversation count. Numbers only, no labels.
• Message read tracking — Conversations marked as read on open, close, and send. Prevents re-notification of already-seen messages.
• Active CDN replication — All devices proactively request replication of their recent posts (<72h) to connected peers. Targets prioritized: desktops > anchors > phones. Graceful with small networks (1 peer = 1 replica). ReplicationRequest/Response (0xE1/0xE2) wire messages.
• Device roles — Nodes classified as Intermittent (phones), Available (desktops), or Persistent (anchors). Advertised in InitialExchange. Influences replication target selection and budget defaults.
• Bandwidth budgets — Hourly replication budget (content pulled to cache) and delivery budget (content served). Phones: 100MB/1GB, Desktops: 200MB/2GB, Anchors: 200MB/1GB. Auto-reset hourly. Blob serving declines when delivery budget exhausted.
• Cache management — 1GB default cache limit (configurable 256MB–unlimited). Eviction cycle now active (was implemented but never started). Priority scoring with share-link boost (+100 for 3+ downstream). Cache pressure score (0–255) for future budget advertisement.
• Engagement distribution fix — BlobHeader JSON now rebuilt after processing BlobHeaderDiff ops. Previously reactions/comments stored in tables but header JSON stayed stale, breaking pull-based sync for downstream peers.
• Tombstone system — Deleted reactions/comments are tombstoned (deleted_at timestamp) instead of hard-deleted. Tombstones propagate through pull sync, ensuring deletes reach peers that missed the real-time diff.
• Persistent notifications — Notification tracking backed by seen_engagement and seen_messages tables. Only notifies on genuinely unseen content. Survives app restarts.
• DOS hardening — BlobHeaderDiff fan-out capped at 10 concurrent sends. Blob prefetch capped at 20 per cycle. PostDownstreamRegister capped at 50 per sync. Delivery budget enforcement on blob serving.
• Pull preference — Blob fetches prefer non-anchor sources (phones > desktops > replicas > anchors) to preserve anchor delivery budget for web requests.

• Private blob encryption — Attachments on encrypted posts (Friends, Circle, Direct) are now encrypted with the same CEK as the post text. Public blobs remain plaintext. CID computed on ciphertext preserves content addressing.
• Blob prefetch on sync — When posts are pulled from peers, their attachments are eagerly fetched for offline availability. Previously blobs were only fetched on view.
• Crypto refactoring — Extracted reusable primitives: encrypt_bytes_with_cek, decrypt_bytes_with_cek, unwrap_cek_for_recipient, unwrap_group_cek. Foundation for encrypted blob storage and future chunk-level encryption.
• Intent-based post filtering — Feed, My Posts, and Messages now filter on the author's original visibility intent (intentKind) rather than encryption state.
• Encrypted receipt slots — Private messages get encrypted receipt and comment slots in BlobHeader. Delivery indicators, read receipts, and message reactions.
• Download filename sanitization — Prevents path traversal in downloaded file names.

• Comment edit & delete — Edit or delete your own comments. Trust-based: post authors can also delete comments on their posts. Propagates via BlobHeaderDiff to all holders.
• Native notifications — System notifications via Tauri plugin (works on all platforms). Notifications for messages, new posts, reactions, and comments. Configurable in Settings with button-group toggles.
• Forward-compatible protocol — Unknown BlobHeaderDiffOp variants are silently ignored instead of crashing deserialization. Prevents old nodes from breaking when new features are added.
• Following: Online/Offline — Self removed from following list. Offline follows hidden behind lightbox popup. Shows expanded if no one is online.
• DM filter fix — Sent direct messages no longer appear in My Posts tab.
• Comment threading fix — Comments now work correctly in My Posts tab (duplicate element ID scoping fix).
• Dropdown text fix — Select dropdowns across the app now have legible text in WebKitGTK native popups.

• IPv6 HTTP address fix — Nodes with public IPv6 now correctly advertise their real address for direct browser access, instead of 0.0.0.0. Fixes share link video/image serving for IPv6-reachable nodes.
• Video preload fix — Share link videos and in-app videos from peers now buffer properly for playback (preload="auto"). Previously only the first frame loaded.
• Connection rate limiting — Incoming connections that fail authentication are rate-limited per source IP (3 attempts, then exponential backoff up to ~4 minutes). Prevents CPU exhaustion from rogue or stale nodes spamming auth failures.
• Schema versioning — Database tracks schema version via PRAGMA user_version. Future upgrades can run data migrations automatically. Databases too old to migrate are reset cleanly.
• N2/N3 freshness — TTL reduced from 7 days to 5 hours. Full N1/N2 state re-broadcast every 4 hours catches missed diffs.
• Bootstrap isolation recovery — 24 hours after startup, nodes verify the bootstrap anchor is within N1/N2/N3 reach. If absent, they reconnect and request referrals. Bootstrap is added to sticky N1 for 24 hours so mesh peers discover it via diffs.
• Following: Online/Offline — People tab splits followed peers into Online and Offline sections with “Last online” timestamps.
• DM filter — Direct messages no longer appear in My Posts tab.
• Bidirectional engagement propagation — Reactions and comments now flow both upstream (toward author) and downstream through the CDN tree. Previously only downstream propagation existed, so the post author often never received reactions.
• Auto downstream registration — Nodes that receive a post via pull sync or push notification automatically register as downstream peers. This ensures engagement diffs reach all holders without manual registration.
• Upstream tracking — New post_upstream table records which peer each post was received from, enabling engagement to flow back toward the author hop-by-hop through the CDN tree.
• N2/N3 freshness — TTL reduced from 7 days to 5 hours. Full N1/N2 state re-broadcast every 4 hours catches missed diffs. Disconnect cleanup already removes departed peer's contributions immediately.
• Bootstrap isolation recovery — 24 hours after startup, nodes check if the bootstrap anchor is within their N1/N2/N3 reach. If absent, they reconnect and request referrals. The bootstrap is added to sticky N1 for 24 hours so mesh peers discover it via diffs, bridging isolated network segments back together.
• Following: Online/Offline — People tab splits followed peers into Online and Offline sections with “Last online” timestamps. DMs no longer appear in My Posts.
• Video playback — Videos now play correctly in-app on both desktop and Android.
• On-demand blob fetch — Media attachments that haven't synced locally are fetched from peers when you view them.
• Image loading fix — Asset protocol properly configured for streaming images from disk. Fallback to IPC if asset protocol fails.
• Image lightbox — Click any image to view full-size. Escape or click to close.
• File attachments — Attach any file type to posts. Non-media files show as download buttons with a trust warning prompt.
• Audio player — Audio attachments display with native playback controls.
• Video download — Download button under video player saves to Downloads folder.
• Share link fix — Fixed redirect to 0.0.0.0 — unroutable addresses are now skipped, falling through to QUIC proxy correctly.
• TCP hole punch protocol — New wire messages (TcpPunchRequest/Result) enable direct HTTP serving from nodes to browsers, reducing proxy load on itsgoin.net.
• Tiered web serving — Share links try direct redirect to HTTP-capable post holders before falling back to QUIC proxy.

• Engagement sync — Pull sync now fetches reactions, comments, and policies from peers. Previously these only propagated via real-time push.
• Profile push fix — Name and bio changes now sent to all connected peers immediately, not just audience members.
• Auto-sync on follow — Following someone immediately pulls their posts into your feed.
• Popover UI — Notifications, diagnostics, and message threads open as overlay windows instead of inline sections.
• Notification settings — Configure message, post, and nearby-user notifications from Settings.
• Smart DM polling — Message refresh rate scales with conversation recency (5s–daily).
• Reaction display — Posts show top 5 emoji reactions + total response count.

• Full rename distsoc → ItsGoin — ALPN, crypto contexts, data paths, Android package ID all changed. Clean break — incompatible with prior versions.

• Engagement system — Reactions (public + private encrypted), inline comments with ed25519 signatures, and author-controlled comment/react policies. Full UI with emoji picker, reaction pills, and expandable comment threads.
• CDN tree for all posts — New post_downstream table gives every post (including text-only) a propagation tree. Engagement diffs flow through the file layer via BlobHeaderDiff (0xD0), never mesh.
• 4 new wire messages — BlobHeaderDiff (0xD0), BlobHeaderRequest/Response (0xD1/0xD2), PostDownstreamRegister (0xD3). Policy enforcement in handlers (blocklist, audience-only, permission checks).
• Thread splitting — Headers exceeding 16KB automatically split oldest comments into linked thread posts, keeping engagement propagation lightweight.

• Per-family NAT classification — IPv4 and IPv6 public reachability detected independently. Fixes false "public (v4+v6)" when only IPv6 is public, which was silently breaking IPv4 hole punches.
• STUN always runs — IPv6-only anchors now correctly probe their IPv4 NAT type instead of assuming "Public". Only --bind (explicit server) skips STUN.
• Anchor address fallback — Anchors without --bind or UPnP now advertise their public IPv6 address, so peers save them in known_anchors for preferential reconnection.
• Bootstrap deprioritization — Discovered anchors are tried before hardcoded bootstrap anchors at startup, reducing bootstrap server load as the network grows.

• ConnectionManager actor redesign — Replaced global mutex with actor pattern (ConnHandle + ConnectionActor). Network operations no longer block each other — 14 I/O code paths that previously held the lock for up to 15 seconds now run concurrently.
• 60+ call sites migrated — All network and node code uses the new lock-free ConnHandle API. Public mutex accessor removed.
• I/O extraction — Broadcast, push, pull, relay, anchor register, and address resolution all execute outside state locks.

• NAT filter probe — Anchor probes your NAT filtering type (address-restricted vs port-restricted) by attempting to reach you from a different source port. Eliminates unnecessary port scanning for the majority of connections.
• Role-based NAT traversal — Each side now takes the correct role based on its NAT profile: EIM nodes punch every 2s (stable port), EDM nodes walk outward at 100/sec (opening firewall entries). Previous burst-scan design replaced with steady ~100 ports/sec outward walk.
• IPv4 vs IPv6 public — Public reachability now distinguished by protocol family (v4 only, v6 only, v4+v6). Prevents false assumptions when only one family is public.
• Scanning cleanup — Scan tasks properly cancelled via JoinSet between attempts. Previous design spawned 37K+ fire-and-forget tasks.

• Focused port scanning — Scanning now targets only the anchor-observed IP address instead of all self-reported addresses, reducing wasted scan budget on unreachable VPN/cellular IPs.
• Scan on unknown NAT — Port scanning now triggers when peer NAT type is unknown (e.g. peer running older version), not just when explicitly EDM.

• Anchor self-verification — Nodes with public addresses now verify their reachability via cold-connect probes from N2 strangers. Two consecutive failures revoke anchor status.
• Advanced NAT traversal — Hard+hard NAT pairs are no longer skipped. Port scanning (tiered: ±500, ±2000, full ephemeral range) attempts direct connection before falling back to relay.
• NAT profile sharing — Peers exchange mapping (EIM/EDM) and filtering (open/port-restricted) classification during connection, enabling smarter hole punch decisions.
• Behavioral NAT inference — Filtering type is refined from actual connection outcomes — no unreliable upfront probing needed.

• NAT type detection — STUN probing on startup classifies your NAT as Public, Easy, or Hard. Shared with peers during connection.
• Skip futile hole punches — When both peers are behind hard/symmetric NATs, skip the 30-second hole punch attempt entirely.

• Anchor advertised address — Anchors advertise their stable bind address in initial exchange, so peers always store the correct reconnection address.
• Observed address notification — Peers tell each other "I see you at <ip:port>" during connection — lightweight STUN-like address feedback.

• UPnP port mapping — Devices behind NAT routers automatically request a port forward via UPnP, becoming directly reachable without manual configuration.
• Auto-anchor promotion — Devices with a successful UPnP mapping self-declare as anchors, improving bootstrap diversity for all peers.
• Hole punch fix — Target-side hole punch connections were silently discarded; now properly registered as sessions so both sides of a NAT punch succeed.

• Request Referrals button — On-demand peer referral requesting in Network Diagnostics.
• Docker bridge IP filtering — Peer introductions no longer leak Docker bridge IPs.
• Keepalive fix — Sender-side last_activity update prevents false zombie detection.
• Message threads — DM conversations grouped by partner with expandable thread view.
• Mesh/reach diagnostics — Peer cards show reach level badges (Mesh/N1/N2/N3).

• Audience request button — "Ask to join audience" on followed peers.
• DMs filtered from feed — Direct messages show only in Messages tab.
• Peer bios displayed — Bio text shown below peer names in People tab.
• People tab auto-refresh — Follows, peers, audience refresh every 10 seconds.
• Button feedback — Loading state and toast confirmation on diagnostics refresh.

• Fix connection lock contention — QUIC connect no longer blocks all tasks.
• Image attachments display — Fixed CSP blocking blob: URLs.
• Non-blocking startup — Referral connections run in background.
• Connect timeout — 15-second cap on connection attempts.
• Android foreground service — Mesh stays alive in background.

• IPv4-mapped address fix — Normalized dual-stack addresses for NAT traversal.
• Mesh keepalive — 30-second pings prevent zombie detection on idle connections.
• Audience management — Approve/Deny/Remove audience members.
• Network diagnostics overhaul — Summary grid, peer cards, connection breakdown.
• Manual rebalance — Trigger immediate mesh rebalancing from Settings.
• Reset all data — Clear local data while preserving identity key.

• Reactive mesh growth loop — New peers connect within seconds.
• Anchor matchmaking only — Anchors introduce peers, never proxy bytes.
• Parallel hole punching — NAT traversal tries all addresses simultaneously.
• Relay-observed address injection — Fixes NAT-to-NAT hole punching.
• Growth loop introduction fallback — Bilateral hole punching when direct fails.